Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

For several years, until the end of June, I self-hosted my e-mail. My ISP, atypically, offers static IP addresses, and I ran my own mail server and had several domains registered here.

Its no surprise I got a lot of spam delivered here, especially through e-mail addresses published for years in articles Ive written.

But I thought when I moved my domains, that would change. At the end of June I moved my domains to a hosting account and the DNS for those domains, including the MX records (which point to the mail servers).

I removed all the domain records from the mail server, but in order to check for errors, I left the server on and logging.

Its more than three weeks later now, and guess what? Mail is still pouring into my server here.

I didnt think it possible, but the whole episode has actually lowered my opinion of spammers. Theyre still at zero Kelvin on the morality scale, but my sense of their competence has taken a beating.

When you send e-mail, for instance to larryseltzer@ziffdavis.com, at some point a mail transfer agent in the process of delivering your message will look at the "ziffdavis.com" part of it and query DNS to see what the MX record is, and attempt to deliver it to that server.

Exactly how this happens depends on a lot of variables, but I think Ive described the essential parts fairly.

In my case, on June 30 I changed the authoritative DNS for my e-mail domains and set the new DNS to point to a different server. DNS working the way it does, conventional wisdom says that it takes a few days for these changes to replicate out to the Internet as a whole.

Theres also the lesser issue of TTL or Time To Live, which defines the lifetime of a DNS cache entry.

In order to spare DNS servers from constant beatings in times of heavy traffic, clients are designed to cache entries for a period of time defined in the DNS as the TTL. My TTL is one hour, so it couldnt explain a long-term problem.

By the third day, it seemed to me that all the legitimate mail had moved on to the new servers and everything left was nakedly illegitimate.

Every single message sent to my server since then has been rejected with an SMTP 551 error: "User not local. Authentication required for relay."

So, if none of the DNS out there point back to my home server, why are the spammers still sending to me?

Because the zombies or bots out there sending this mail have been instructed not to follow the SMTP protocol: They dont look up the MX server of the destination address, they have been given a specific IP address of a server to use.

I suppose theres an efficiency in this from one point of view, in that it removes some DNS lookups. And perhaps a bot installed on a broadband client system that performed a large number of MX DNS lookups would look suspicious and perhaps draw attention.

Of course the bursts of mail going out port 25 should also draw attention, but they dont actually seem to often enough.

Looking back at the last few messages, I see not only attempts to send mail to me but several messages from some user somewhere (and undoubtedly a fake from address) to some other user somewhere else, not on my servers. In other words, this message assumes Im an open relay. Im not. I dont think I ever have been.

Incidentally, I have some numbers on the ISPs of the systems sending the traffic to me.

By far the greatest number, 88 out of 337, were on Comcast. 66 were on Road Runner, and 24 on AT&T/SBC. The rest were generally on far-eastern networks.

Its tempting to think that spammers are rational actors and what they do is designed to increase the chances that their e-mail gets delivered, but the fact is that a lot of spammers are stupid about their programming and lazy about maintenance.

What percentage of e-mail traffic on the wire is so broken in this and other ways that it literally has no chance of being delivered? My next column will have more tales of wasted and abusive Internet traffic, and something to do about it.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at larryseltzer@ziffdavis.com.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.